Describes all the possible remote diagnostics tests that you can run on an Edge to obtain diagnostic information. The diagnostic information contains Edge-specific logs for analysis.

Remote diagnostics tests can be run from the VMware SD-WAN Orchestrator by selecting the SD-WAN Edge and choosing Test & Troubleshoot > Remote Diagnostics, selecting an individual diagnostic test, and then clicking Run.

ARP Table Dump

Run this test to view the contents of the ARP table. The output is limited to display 1000 ARP entries.

Clear ARP Cache

Run this test to clear the ARP cache entries for the specified interface.

DNS Test

Run this test to perform a DNS lookup of the specified domain name.

DNS/DHCP Service Restart

Run this test to restart the DNS/DHCP service. This can serve as a troubleshooting step if DHCP or DNS requests are failing for clients.

Flush Firewall Sessions

Run this test to reset established sessions from the firewall. Running this test on an Edge not only flushes the firewall sessions, but also actively sends a TCP RST for the TCP-based sessions.

Flush Flows

Run this test to flush the flow table, causing user traffic to be re-classified. Use source and destination IP address filters to flush specific flows.

Flush NAT

Run this test to flush the NAT table.

Gateway

Run this test by choosing whether cloud traffic should or should not use the Gateway Service.
Note: This does not affect the routing of VPN traffic.

GPON Status

Run this test on any selected 6x0 Edge device to view the GPON SFP status, including Vendor MAC, Host Link Status, Link Rate, TX and RX power, and Optical Status.

HA Info

Run this test to view basic and interface information of active and standby Edges when HA is enabled.

Interface Status

Run this test to view the MAC address and connection status of physical interfaces.

LTE Modem Information

Run this test on a selected Edge that has an integrated LTE module, such as 510-LTE or 610-LTE, to collect diagnostic details such as Modem information, Connection information, Location information, Signal information, and Status information for the internal LTE modem.

LTE SIM Switchover

For 610-LTE devices only, run this test to switch active SIMs. Both SIMs must be inserted to run this test. The test will take approximately four to five minutes.

After the test is successful, you can check the status of the current active interface in the SD-WAN Orchestrator under the Monitor > Edges > Overview tab.

List Active Firewall Sessions

Run this test to view the current state of the active firewall sessions (up to a maximum of 1000 sessions). You can limit the number of sessions returned by using filters: source and destination IP address, source and destination port, and Segment.
Note: You cannot see sessions that were denied as they are not active sessions. To troubleshoot those sessions you will need to check the firewall logs.
The Remote Diagnostics output displays the following information: Segment name, Source IP, Source Port, Destination IP, Destination Port, Protocol, Application, Firewall Policy, current TCP state of any flows, Bytes Received/Sent, and Duration. There are 11 distinct TCP states as defined in RFC 793:
  • LISTEN - represents waiting for a connection request from any remote TCP and port. (This state is not shown in a Remote Diagnostic output).
  • SYN-SENT - represents waiting for a matching connection request after having sent a connection request.
  • SYN-RECEIVED - represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
  • ESTABLISHED - represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.
  • FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
  • FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.
  • CLOSE-WAIT - represents waiting for a connection termination request from the local user.
  • CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.
  • LAST-ACK - represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
  • TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
  • CLOSED - represents no connection state at all.

List Active Flows

Run this test to list active flows in the system. Use source and destination IP address filters to view the exact flows you want to see. This output is limited to a maximum of 1000 flows.

List Clients

Run this test to view the complete list of clients.

List Paths

Run this test to view the list of active paths between local WAN links and each peer.

MIBs for Edge

Run this test to dump Edge MIBs.

NAT Table Dump

Run this test to view the contents of the NAT Table. Use the destination IP address filter to view the exact entries you want to see. This output is limited to a maximum of 1000 entries.

NTP Dump

Run this test to view the current date and time on the Edge and NTP information.

Ping Test

Run a ping test to the destination specified.

Reset USB Modem

Run this test on a selected Edge interface to reset a non-working USB modem connected to the given interface. Note that not all USB modems support this type of remote reset.

Route Table Dump

Run this test to view the contents of the Route Table.
Note: An unresolved route, learnt over multi-hop BGP, might point to an intermediate interface. For more information, see Multi-hop BGP Routes.

System Information

Run this test to view system information such as system load, recent WAN stability statistics, and monitoring services. WAN stability statistics include the number of times individual VPN tunnels and WAN links lost connectivity for at least 700 milliseconds. The tunnel disconnects do not include the count of direct IPsec connections.

Traceroute

Run a traceroute via the Gateway or directly out any of the WAN interfaces to the destination specified.

Troubleshoot BFD - Show BFD Peer Status

Run this test to view the status of all BFD peers.

Troubleshoot BFD - Show BFD Peer counters

Run this test to view all the counters of BFD peers.

Troubleshoot BFD - Show BFD Setting

Run this test to view the BFD setting and neighbor status.

Multi-hop BGP Routes

Over Multi-hop BGP, the system might learn routes that require recursive lookup. These routes have a next-hop IP which is not in a connected subnet, and do not have a valid exit interface. In this case, the routes must have the next-hop IP resolved using another route in the routing table that has an exit interface. When there is traffic for a destination that needs these routes to be looked up, routes requiring recursive lookup will get resolved to a connected Next Hop IP address and interface. Until the recursive resolution happens, the recursive routes point to an intermediate interface.
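The recursive lookup described above, as an added example that is not VMware code or Edge output: a route without an exit interface is resolved by looking up its next-hop IP until a route with an exit interface is found. The table contents, the interface name `GE3`, and the `resolve` and `longest_match` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample table (assumed values, not Edge output). A route with
# interface=None has no exit interface and needs recursive lookup.
ROUTES = [
    {"prefix": "10.0.1.0/24", "next_hop": None, "interface": "GE3"},  # connected
    {"prefix": "172.16.0.0/16", "next_hop": "10.0.1.254", "interface": "GE3"},
    {"prefix": "192.168.50.0/24", "next_hop": "172.16.9.1", "interface": None},  # multi-hop BGP
]

def longest_match(table, ip):
    """Return the most specific route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for route in table:
        net = ipaddress.ip_network(route["prefix"])
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best

def resolve(table, dest, max_depth=8):
    """Resolve dest to (connected next-hop IP, exit interface).

    Returns None when no route covers a lookup or the chain never reaches
    a route with an exit interface (the route stays unresolved).
    """
    target = dest
    for _ in range(max_depth):
        route = longest_match(table, target)
        if route is None:
            return None
        if route["interface"] is not None:
            # Connected routes have no next hop: the target itself is on-link.
            return (route["next_hop"] or target, route["interface"])
        target = route["next_hop"]  # recurse on the next-hop IP
    return None  # self-referential or overly deep chain

if __name__ == "__main__":
    for dest in ("192.168.50.7", "10.0.1.5", "198.51.100.1"):
        print(dest, "->", resolve(ROUTES, dest))
```

A `None` result corresponds to a route that cannot be resolved from the table, such as one whose next hop is covered only by the route itself.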

You can view the unresolved routes pointing to an intermediate interface in the following Remote Diagnostics tests:

Troubleshoot BGP - List BGP Redistributed Routes

Run this test to view routes redistributed to BGP neighbors.
Note: An unresolved route, learnt over multi-hop BGP, might point to an intermediate interface. For more information, see Multi-hop BGP Routes.

Troubleshoot BGP - List BGP Routes

Run this test to view the specific BGP routes from neighbors; leave the prefix empty to view all.
Note: An unresolved route, learnt over multi-hop BGP, might point to an intermediate interface. For more information, see Multi-hop BGP Routes.

Troubleshoot BGP - List Routes per Prefix

Run this test to view all the Overlay and Underlay routes for a prefix and the related details.
Note: An unresolved route, learnt over multi-hop BGP, might point to an intermediate interface. For more information, see Multi-hop BGP Routes.

Troubleshoot BGP - Show BGP Neighbor Advertised Routes

Run this test to view the BGP routes advertised to a neighbor.

Troubleshoot BGP - Show BGP Neighbor Learned Routes

Run this test to view all the accepted BGP routes learned from a neighbor after filters.

Troubleshoot BGP - Show BGP Neighbor Received Routes

Run this test to view all the BGP routes learned from a neighbor before filters.

Troubleshoot BGP - Show BGP Neighbor details

Run this test to view the details of a BGP neighbor.

Troubleshoot BGP - Show BGP Routes per Prefix

Run this test to view all the BGP routes and their attributes for the specified prefix.

Troubleshoot BGP - Show BGP Summary

Run this test to view the existing BGP neighbor and received routes.

Troubleshoot BGP - Show BGP Table

Run this test to view the BGP table.

Troubleshoot OSPF - List OSPF Redistributed Routes

Run this test to view all the routes redistributed to OSPF neighbor.

Troubleshoot OSPF - List OSPF Routes

Run this test to view the OSPF routes from neighbors for the specified Prefix. Displays all the OSPF routes from the neighbors if the Prefix is not specified.

Troubleshoot OSPF - Show OSPF Database

Run this test to view the OSPF link state database summary.

Troubleshoot OSPF - Show OSPF Database for E1 Self-Originate Routes

Run this test to view the self-originated E1 LSA routes that the Edge advertises to the OSPF router.

Troubleshoot OSPF - Show OSPF Neighbors

Run this test to view all the OSPF neighbors and associated information.

Troubleshoot OSPF - Show OSPF Route Table

Run this test to view the existing OSPF route table.

Troubleshoot OSPF - Show OSPF Setting

Run this test to view the OSPF setting and neighbor status.

VPN Test

Select a segment from the drop-down menu and click Run to test VPN connectivity to each peer.
When the VPN test is run, the Edge selects the Source and Destination IP and initiates the tunnel request. The selected Source and Destination IP should meet the following criteria:
  • It should be a connected route IP
  • It should be reachable and the routes should be advertised

When the Edge cannot select a valid IP as the Source IP to initiate the tunnel request, the VPN Test fails with the following error:

Branch-to-Branch vpn is disabled. Please enable it before running the test

WAN Link Bandwidth Test

Run the bandwidth test on a specified WAN link. This test has the benefit of being non-disruptive in multi-link environments. Only the link under test is blocked for user traffic. This means that you can re-run the test on a specific link and the other link(s) will continue to serve user traffic.

As the bandwidth test is run when the tunnel reconnects after a period of instability, there have been occasions in the field where the link has recovered enough for tunnel connectivity, but not enough to accurately measure the bandwidth of the WAN link. To address these scenarios, if the bandwidth test fails or measures a significantly reduced value, the last known “good” measurement will be used and a re-test of the link will be scheduled for 30 minutes after the tunnel is established to ensure a proper measurement.

Note: For WAN links over 1 Gbps, it is recommended that the user define the bandwidth of the WAN link.